Re: pkcs12 into IE5.5, stubborn priv keys

At 12:19 AM 06/10/2000 +0100, you wrote: >The only documented way to change the level is to delete the container >and recreate it. > >You can do things by deleting the key container at a CryptoAPI level, >but you need a fair knowledge of CryptoAPI to do that. > >I recall Outlook (maybe Outlook exp

RE: Question about "make install" of OpenSSL

> Sorry Richardo, > I'm little confused. I read that OpenSSL is not mod_ssl. So, hmmm, how > can I follow the instrutions for mod_ssl to compile OpenSSL? Your Compaq computer may come with instructions on how to install NT. The fact that the computer is not NT is not an impediment to fo

Re: pkcs12 into IE5.5, stubborn priv keys

admin wrote: > > Hi, > > I import my pkcs12 personal certificate (openssl generated) into IE5.5. It > takes it without a problem and puts everything in its place: CA cert, > personal cert, private key. > > The problem is that once I set up the initial security level on the private > key (low,

pkcs12 into IE5.5, stubborn priv keys

Hi, I import my pkcs12 personal certificate (openssl generated) into IE5.5. It takes it without a problem and puts everything in its place: CA cert, personal cert, private key. The problem is that once I set up the initial security level on the private key (low, medium, high, and the passwo

(Sol2.7,openssl 0.9.6,imaps-2000)pine4.21 hangs

Okay, I'm not sure how much of a newbie question this is, but I'll try to be complete-- I have a Sparc LX running Solaris 2.7 on which I'm trying to build a secure imaps-enabled mail server (Sendmail 8.9.3+). Ordinary incoming and outgoing mail is functioning properly-- I built everything with

Re: Question about "make install" of OpenSSL

Yes, OpenSSL is not mod_ssl... mod_ssl is a module for apache that in conjunction with openssl, makes an SSL aware apache. There is another implementation I believe called ApacheSSL. Go to www.modssl.org, and look for the install instructions. They are extremely straight forward, and walk you

Re: HELP: Programming in Open SSL - where to start? Sample code?

Hey Ken, Here are a few links I've found helpful.

Re: Removing RC5 from Openssl under Windows NT

From: Jeff Roberts <[EMAIL PROTECTED]> jeffr> Can anyone tell me how to remove RC5 from the OpenSSL build jeffr> under Windows Microsoft VC+ ? Configure with no-rc5? -- Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 Redakt

Removing RC5 from Openssl under Windows NT

Can anyone tell me how to remove RC5 from the OpenSSL build under Windows Microsoft VC+ ? Thank you __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL

Re: Question about "make install" of OpenSSL

>I'm little confused. I read that OpenSSL is not mod_ssl. So, hmmm, how >can I follow the instrutions for mod_ssl to compile OpenSSL? Three parts - OpenSSL <--> mod_ssl <--> Apache mod_ssl is the bridge between Apache and SSL. Since it cannot be built without OpenSSL, they have very nice

RE: Question about "make install" of OpenSSL

This site offers a quick walk trough in setting up a apache/php4/mod_ssl site. It`s linux oriented but with a little bit of thought, it should be fairly easy to follow this installation and adapt it to Solaris. Offcourse you can skip the php4/mysql parts ... http://www.devshed.com/Server_Side/P

Re: Question about "make install" of OpenSSL

Sorry Richardo, I'm little confused. I read that OpenSSL is not mod_ssl. So, hmmm, how can I follow the instrutions for mod_ssl to compile OpenSSL? BTW, where can I find those information about how to intergret OpenSSL into an application like Apache? I know that the general idea is tp apply som

Re: Question about "make install" of OpenSSL

Thanks first Richard, Ok, I paste all the lines before that this time: -- wcars12f-32> make install making all in crypto... making all in crypto/md2... making all in crypto/md4... making all in crypto/md5... making all in crypto/sha... making all in crypto

Re: Question about "make install" of OpenSSL

If you want to use 'mod_ssl' I strongly suggest you follow the instructions there for compiling both openssl and apache. They are very straight forward... My .02... Antai Ning wrote: > > Hi there, > > I'm quite new to OpenSSL. I'm trying to build and set up a SSL > enabled Apache on Sun sola

Re: Question about "make install" of OpenSSL

From: "Antai Ning" <[EMAIL PROTECTED]> antai> *** Error code 139 antai> make: Fatal error: Command failed for target `install_docs' antai> antai> Any idea about that? I actually searched the FAQ archive, I antai> didn't find a answer there. *sigh* Nope. No idea at all, except that you might n

Re: is pgp the devil?

Javier Baliosian wrote: > IS POSSIBLE SOME KIND OF INTERACTION BETWEEN OPENSSL AN PGP? > > SOME OF THE KEY OR CERTIFICATE FORMATS MANAGED FOR OPENSSL ARE PGP > COMPATIBLE? (I hear you ;-) ) I have done just a little bit testing with PGP 7.0 for Windows. I was able to import OpenSSL certificates

Re: Browser's signature function

Shawn Page wrote: > > Why is it not advisable to use openssl/crypto/pkcs7/verify.c ? > Because it uses various internal functions that are tricky to handle and subject to change whereas apps/smime.c uses a simpler high level API. Though admittedly it isn't really documented yet but it will be.

Question about "make install" of OpenSSL

Hi there, I'm quite new to OpenSSL. I'm trying to build and set up a SSL enabled Apache on Sun solaries 2.6. I encountered problems in building OpenSSL. I downloaded OpenSSL 0.9.6. I'm successful in the first three steps, "configure", "make", and "make test". But I got this error when I run "ma

Re: Browser's signature function

Why is it not advisable to use openssl/crypto/pkcs7/verify.c ? Dr S N Henson wrote: > tangquan wrote: > > > > you can verify your signature using openssl/crypto/pkcs7/verify.c . > > according to my experience, Netscape make a standand pkcs7 digital > > signature and encode it in base64 format. >

is pgp the devil?

hi, sorry for my english, maybe i am doing stupid questions and i am not noticed about it, may be it is not the right mailing list (if this is the case please tell me) i don't know. but IS POSSIBLE SOME KIND OF INTERACTION BETWEEN OPENSSL AN PGP? SOME OF THE KEY OR CERTIFICATE FORMATS MANAGED

Re: Key Usage Extension

Frank Balluffi wrote: > > I am confused about how to check a key usage extension. I see that ca_check > "calls" ku_reject, which uses the X509 ex_flags element. > > Is it necessary to use the ku_reject method or is it possible to call > d2i_ASN1_BIT_STRING (to decode the KeyUsage BIT STRING) and

Re: followup to problem I posted

On Thu, 05 Oct 2000, Dr S N Henson wrote: > There may be an expired certificate in the directory which wouldn't have > been noticed before > > OpenSSL 0.9.6 has the ability to search for multiple certificates > matching given criteria and one of these may be an expired certificate > as a res

Re: followup to problem I posted

George Staikos wrote: > > > The problem only seems to be reproducible on Redhat 7.0 so far, but I > haven't had enough people test it yet. Basically, RSA/Verisign signed > certificates all are determined to be expired by the X509 verification code. > Thawte certificates work fine. Also if I

Re: Certificate usage (how IE determines)

Paulius Bulotas wrote: > > Hello, > > when I create server certificate, install it into apache, when viewing > certificate from IE, it shows every possible usage, but in my openssl.cnf is > only keyUsage=nonRepudiation [for test purposes]. > What am I doing wrong and how to do it correctly ;) >

Re: Browser's signature function

tangquan wrote: > > you can verify your signature using openssl/crypto/pkcs7/verify.c . > according to my experience, Netscape make a standand pkcs7 digital > signature and encode it in base64 format. > You can but that's not advisable. With OpenSSL 0.9.6 you should use the 'smime' application.

Certificate usage (how IE determines)

Hello, when I create server certificate, install it into apache, when viewing certificate from IE, it shows every possible usage, but in my openssl.cnf is only keyUsage=nonRepudiation [for test purposes]. What am I doing wrong and how to do it correctly ;) Regards, Paulius -- Paulius Bulotas CS

Re: followup to problem I posted

On Thu, Oct 05, 2000 at 10:37:05AM -0400, George Staikos wrote: > On Thu, 05 Oct 2000, Lutz Jaenicke wrote: > > On Thu, Oct 05, 2000 at 10:16:58AM -0400, George Staikos wrote: > > > I have found that using a .crt bundle instead of a hashed directory works. > > > Perhaps is this code broken in 0.9

how to use RSA_public_decrypt and RSA_private_encrypt pair?

Hi,everyone: I want to use RSA_public_decrypt and RSA_private_encrypt to sign and verify .But I cannot get it work . For RSA_public_encrypt and RSA_private_decrypt there is a good example in RSA/rsatest.c ,can anyone send me an example like rsatest.c but using RSA_public_decrypt and RSA_priva

Re: followup to problem I posted

On Thu, 05 Oct 2000, Lutz Jaenicke wrote: > On Thu, Oct 05, 2000 at 10:16:58AM -0400, George Staikos wrote: > > I have found that using a .crt bundle instead of a hashed directory works. > > Perhaps is this code broken in 0.9.6? > > What do you mean by "broken"? > I performed some tests myself,

Re: followup to problem I posted

On Thu, Oct 05, 2000 at 10:16:58AM -0400, George Staikos wrote: > I have found that using a .crt bundle instead of a hashed directory works. > Perhaps is this code broken in 0.9.6? What do you mean by "broken"? I performed some tests myself, cannot see a problem. Did you remember to perform a "c

followup to problem I posted

I have found that using a .crt bundle instead of a hashed directory works. Perhaps is this code broken in 0.9.6? -- George Staikos __ OpenSSL Project http://www.openssl.org User Support Mail

Using with Redhat6.2

Hi. I just got Dell server with Redhat6.2 installed. I tried to install openssl and modssl with mm. However, I simply dose not seems to be work properly. Browser points right page at port 80 but 443, nothing happened. Is someone be able to provide me an advise?? Please, J.Motegi __

PB of cert for european browser

Hy, I've generated two csr for two certificate with openssl and my apache server only accept to do SSL with american version of browsers. I think this is a problem of size of bits which is limited to 40 or 56 in europe rather than 128 in USA. Perhaps do you know the word of domestic or exchang

Re: Certificates problem with Netscape

Hi Sergio, thanks for your response. I have some more questions and would greatly appreciate it if you, or somebody else could help me some more. Sergio Rabellino wrote: > Jacobus van der Merwe wrote: > > ... > > [Netscape says certs are accepted for 'People' but there is > > nothing there]

Fwd: How do I debug when using the library?

I've written a little test program based on the code in the tutorial at www.darkspell.com and am seeing the following: SSL_connect returns 0 SSL_write returns -1 Can anyone point me in the direction of the correct API functions to use to diagnose the problem? Thanks Mike Cunningham ***

IBM payment gateway connectivity problems

Hi, I'm currently testing connectivity between a IBM payment gateway and openssl. IBM tells me that connections are dropped because openssl doesn't send the rigth header size. Does anyone know of this problem ??? mvh, Carsten Rhod Gregersen, Email: [EMAIL PROTECTED], Web: http://www.rgm.dk

Re: How do I add my CA to the ca-bundle file?

On Wed, Oct 04, 2000 at 05:43:06PM -0400, Louis LeBlanc wrote: > Hello, All. > > I am trying to verify the SSL certificate verification procedure. A bit > redundant, I know, but there we are. > I need to add the signature to the ca cert I created to the ca-bundle > file I am testing with. I kee

Crypt::SSLeay does work under Linux but not under Solaris

Hi, have perl 5.005_03, openssl-0.9.5a and LWP (whatever version). And Crypt::SSLeay Version 0.16 and/or 0.17 The following code works perfectly under Linux, but under Solaris 2.6 oder 2.7 I get the timeout ... #!/usr/bin/perl5 use LWP::UserAgent; my $ua = new LWP::UserAgent; my $req = new HTT

Re: Browser's signature function

you can verify your signature using openssl/crypto/pkcs7/verify.c . according to my experience, Netscape make a standand pkcs7 digital signature and encode it in base64 format. but I don't know how to sign a form in the IE too. who can help us? tom tang - Original Message - From: "Erwan

Re: Browser's signature function

I met this question too.How to signint something in the IE? please give some enlightment!- Original Message - From: 鄭嘉豐   To: '[EMAIL PROTECTED]'   Sent: Thursday, September 28, 2000 7:28 AMSubject: Browser's signature fun

Re: How do I add my CA to the ca-bundle file?

I met this question too. - Original Message - From: "Louis LeBlanc" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 04, 2000 2:43 PM Subject: How do I add my CA to the ca-bundle file? > Hello, All. > > I am trying to verify the SSL certificate verification procedu